How to create easier reporting for Windows auditing?

Q:How to create easier reporting for Windows auditing?

Hello,

My dad has all his important files in a folder named "IMP" in E: in Windows 7. I've set auditing object access failure and enabled auditing on the IMP folder and denied read access and delete folder for all other users.

Everything is working fine and I can check the event viewer whenever my dad wants to have a look at the logs. The problem is I am not always present when he wants to have a look at the logs and since he isn't too tech savvy it would be very difficult for him to go to event viewer, filter the log with event id no. 4656, Event Sources: Microsoft Windows security auditing, Task category: File System.

I was wondering if there is an easier way of generating logs, e.g. automatically creating a Notepad file with all those filters once the audit failure triggers.

Please help


Probably by writing a bat file and executing it with admin privileges... but you have to look if there is a way to do it with console commands to Event Viewer in the first place (it's likely possible).

I have a few of these "shortcuts", double click and Bam! A wall of commands gets executed. Time-saver man.

Why that anyway? If it is locked to other users what is there to log? Failed attempts to open it?

I really hope you are encrypting your drive, as this measure alone is a bit weak if the disk isn't encrypted. (a punk can simply boot that PC from a Linux liveCD or USB thumbdrive and access the unencrypted disk and those files ignoring the windows policy).


A:How to create easier reporting for Windows auditing?

Create a Custom View in Event Viewer, then he could just go to that item and view the relative log entries.


A:How to create easier reporting for Windows auditing?

Hello and Welcome.... Here is something you may try: it's a little program called MyEventViewer by Nirsoft. No install required, it's free and quite simple to use. Maybe your dad will not have any difficulty learning how to use it to view the logs. Take a look at it here..... http://www.nirsoft.net/utils/my_event_viewer.html (change the hxxp to http) Mod Edit: Fixed link - Hamluis.
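
The text report the question asks for, as an added PowerShell example that is not part of the original thread: it collects the failed handle requests (event ID 4656, Audit Failure) for objects under E:\IMP and writes them to a text file. The report path, the 30-day window and the expectation that ObjectName is logged as a drive-letter path are assumptions of this example.

```powershell
# Added example: writes denied-access attempts on the audited folder to a text report.
# Run from an elevated PowerShell prompt; reading the Security log requires it.
$Folder       = 'E:\IMP'           # audited folder from the question
$ReportPath   = Join-Path ([Environment]::GetFolderPath('Desktop')) 'IMP-denied-access.txt'  # assumed location
$DaysBack     = 30                 # assumed reporting window
$AuditFailure = 4503599627370496   # 0x10000000000000, the "Audit Failure" keyword bit

# Same filters the question applies by hand in Event Viewer.
$filter = @{
    LogName      = 'Security'
    ProviderName = 'Microsoft-Windows-Security-Auditing'
    Id           = 4656
    Keywords     = $AuditFailure
    StartTime    = (Get-Date).AddDays(-$DaysBack)
}

# Get-WinEvent raises an error when nothing matches. Treat only that case as
# "no events"; anything else (for example access denied) must stay visible.
try {
    $events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction Stop)
}
catch {
    if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { $events = @() } else { throw }
}

$lines = foreach ($e in $events) {
    # Read the named EventData fields from the event's XML form.
    $xml = [xml]$e.ToXml()
    $f = @{}
    foreach ($d in $xml.Event.EventData.Data) { $f[$d.GetAttribute('Name')] = $d.InnerText }

    # Files and folders are both logged with ObjectType "File".
    # Assumption: ObjectName is a drive-letter path such as E:\IMP\...
    $object = [string]$f['ObjectName']
    if ($f['ObjectType'] -ne 'File') { continue }
    if (-not $object.StartsWith($Folder, [StringComparison]::OrdinalIgnoreCase)) { continue }

    '{0:yyyy-MM-dd HH:mm:ss}  user={1}\{2}  object={3}  program={4}' -f `
        $e.TimeCreated, $f['SubjectDomainName'], $f['SubjectUserName'], $object, $f['ProcessName']
}

$header = "Denied access attempts on $Folder, last $DaysBack days (generated $(Get-Date -Format g))"
if (-not $lines) { $lines = 'No denied access attempts were logged.' }
Set-Content -Path $ReportPath -Value (@($header, '') + @($lines))
Invoke-Item $ReportPath   # opens the report with the default .txt program (Notepad unless changed)
```

To produce the report without opening PowerShell, a Task Scheduler task set to run with highest privileges can start the script, and Event Viewer's "Attach Task To This Event" action can trigger it when a matching event is logged.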

Has anyone had any luck with enabling Windows commandline process auditing as noted in the article: https://technet.microsoft.com/en-us/library/dn535776.aspx
I've been testing this out on a Windows 7 Prof system to see how commands executed via the commandline are recorded in the event logs. I was able to enable all of the policy settings as noted in the article; however, upon testing I've noticed that not all commands are being recorded. For example del, rename, and copy commands are not being recorded whereas other sys-admin type commands (ipconfig, netstat, nslookup, etc.) are being recorded. My question is: does anyone know why these commands are not being recorded, since according to the example in the article they should be?
Thanks

I changed ownership of my C:\ in order to change permissions, be able to audit, and delete files which are locked. Usually system files are locked and I ignore those when prompted that they cannot be changed without admin approval (even providing admin approval doesn't allow their modification). I'm wondering what I have to do to be able to make decisions on my own system? Does anyone know a good step by step guide? My old Windows installation is taking up 17 gigs on my hard drive and I have a 230g hard drive. Needless to say space is precious with the size of downloads/installations being what they are (games that are 20g, Windows updates that are 3g..). Thanks in advance.

Should I be worried? Also I don't know if this is the right place to post this...

Code:
System
  - Provider
      [ Name] Microsoft-Windows-Security-Auditing
      [ Guid] {54849625-5478-4994-A5BA-3E3B0328C30D}
    EventID 6281
    Version 0
    Level 0
    Task 12290
    Opcode 0
    Keywords 0x8010000000000000
  - TimeCreated
      [ SystemTime] 2013-01-26T20:14:21.908303300Z
    EventRecordID 46291
    Correlation
  - Execution
      [ ProcessID] 4
      [ ThreadID] 6656
    Channel Security
    Computer bluedragon
    Security
- EventData
    param1 \Device\HarddiskVolume2\Windows\System32\VMWRP64.DLL

Edit:

I'm not certain but I seem to have a lot of warnings, errors, etc. Hopefully nothing serious.

A:Microsoft-Windows-Security-Auditing failure

Do you still need help with this? If so, please post back and I'll see what assistance I can provide.

Please provide these reports (even if not experiencing BSODs) so we can provide a complete analysis: https://www.eightforums.com/bsod-cra...tructions.html

Please also do this:
- open Event Viewer (eventvwr.msc)
- expand the Custom Views category (left click on the > next to the words "Custom Views")
- right click on Administrative Events
- select "Save all Events in Custom View as..."
- save the file as Admin.evtx
- zip up the file (right click on it, select "Send to", select "Compressed (zipped) folder")
- upload it with your next post (if it's too big, then upload it to a free file-hosting service and post a link here).

Hello Everybody,
We have a requirement in our project to audit all security relevant events on the system, including the start/stop of auditing functions. The problem is that windows is not registering the start of event log service when you manually stop/start the service.
There is only an audit event in the system log, but it is linked to the system startup and is not under the security category when you do the start/stop manually. Is this a Windows bug or a matter of configuration?
Best regards,
Alejandro.

I am interested in upgrading many computers to Windows 8.1 (from Windows 8). Ideally I would like to create an upgrade DVD, which is 'self running' and contains the required update files - Download Windows 8.1 Update for x64-based Systems (KB2919355) from Official Microsoft Download Center

According to Microsoft (previous link) it is necessary to download several update files, and install them in a particular order. I would like to do away with this tedious method...

As Joe mentioned in this blog post, the amount of interest in the Windows 10 preview has been phenomenal. We appreciate that IT pros are trying out the new features and providing feedback. But more importantly, we appreciate the sheer number of devices that you are upgrading from previous versions of Windows - whether from Windows 7, Windows 8, or Windows 8.1. The telemetry from these upgrades enables us to further streamline and improve the upgrade process - important because this is the primary way we expect organizations to deploy Windows 10.

In my blog post on September 30th, we introduced this idea of having a simpler deployment process, using an in-place upgrade instead of the traditional wipe-and-load approach that organizations have historically used to deploy new Windows versions. This upgrade process is designed to preserve the apps, data, and configuration from the existing Windows installation, taking care to put things back the way they need to be after Windows 10 has been installed on the system.

Of course it's critical that at the same time we do everything we can to ensure that existing apps "just work." We understand the challenges that many organizations experienced as part of their Windows XP to Windows 7 migrations, and are working hard to ensure that compatibility between Windows 7, Windows 8 and Windows 10 is excellent. This also applies to hardware: we are designing Windows 10 to have the same ov... Read more

Did you know that with the Windows 10 Fall Creators Update, you have a currency converter built right into the calculator on your Windows 10 PC?

It's true - in fact, it also includes converters for things like time, power and temperature - so you can easily, quickly convert from Fahrenheit to Celsius and back again. Simply open Calculator, click on the menu button on the left, and select what you'd like to convert.

Head over here to read more about what's new in the Fall Creators Update, and have a great week!

Source

A:Windows 10 Tip: Travel easier with the built-in currency converter


I have it on Anniversary/Creators Win 10 builds. Just update the UWP apps to get the new features.

I want to see if this user went to yahoo mail and logged in under a specific username (which I have and it is a yahoo account). I need to see if they did or didn't and the time. Anything able to do this with index.dat/stored files or should this be in the security section.

I've just come across MBSA when sorting out a missing IE11 update and am impressed with it.

One item on the reports says:

Neither Logon Success nor Logon Failure auditing are enabled. Enable auditing and turn on auditing for specific events such as logon and logoff. Be sure to monitor your event log to watch for unauthorized access.

I've searched here and found several threads (mainly about auditing access to documents - none about Logon/Logoff) in which the route suggested was Control Panel -> Security & System -> Administrative Tools -> Local Security Settings. There is no 'Local Security Settings' in my menu there and a search of my laptop has found nothing.

Is there an alternative route please?

A:How do I enable Auditing?

I forgot to add that the excellent MBSA provides a detailed explanation on every item and a 'how to correct this' link. Unfortunately, though, the link relates only to 'a computer running Windows Server 2008, Windows Server 2003, Windows Vista, Windows XP, or Windows 2000' and also mentions 'Local Security Settings'.

It was very early when I posted this - I must have been half-asleep. I should post this on the Microsoft forum and let you guys get on helping those who need it more than I do.

I am trying to find an application that can do an audit of my PC and tell me what applications I have installed and all of their serial and license keys. I know these applications exist because my company uses one for when we reimage a machine. I am in essence going to be reimaging my machine to either Windows 7 Ultimate 64-bit or going with Windows 8.1 64-bit and don't want to have to check each and every piece of software to get this.

there is a user who wants to know who's making some incorrect changes to a file that is shared to 7 people. the file is on an nt 4.0 server. none of them will fess up so she wants to know if there's a way to find out who is accessing it, at what time, and, if possible, what they did. can nt do this? if so, how?

we run a complete nt 4.0 network (servers/workstations). thanks for the help.

Hey guys/gals, anyone, do any of you all know what is a good auditing program? What I need it to do is go out and tell me what is on each one of my users computer. What software they have on their system, what hardware, bios and all the neat stuff in between.

A:auditing program

Try helpdesk software in your search. Many of those, although they're also designed to have call records, contain hardware records on the users. Even if you can't buy the program, perhaps you can download a trial to find out how they've done it. I can't see that it would be too difficult to build one in Access.

We have been seeing an abnormally high number of detections of reconnaissance of AD using the SAMR protocol. According to the ATA documentation's Suspicious activity guide, it recommends using the SAMRi10 tool to block unauthorized queries. We don't have AD servers on Server 2016, but it appears that according to the following we can do the same with manual registry changes - https://docs.microsoft.com/en-us/windows/device-security/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.
We started off with auditing, to see how much activity would be blocked. Since the auditing we are getting dozens of events per second. Is there an easy way of figuring out what on the machines is using the SAMR request?

I have excluded all the GPOs for computer objects, and we are only getting the request on logoff.

I refurbish PCs for a non-profit org. The PCs usually have no OS and I was wondering if there is a free or low cost auditing software that runs from a bootable CD and displays CPU speed and type, RAM and HD size, all from one place. The PCs are all brands and vintages and there's thousands of them! Thanks

A:Need system auditing software that....

Any bootable linux CD should be able to do this. Knoppix, DSL, or MandrakeMove, etc.

would anyone know if there's a possibility to switch off Application and System auditing in Windows XP? I've gone through some articles but neither talked about these 2, only Security. I know that the security function has to be enabled and can be disabled, what about the other 2? It consumes some resources which might be gained from this. I also noticed that Windows 7 logs security as well even if not set. I have 3518 entries in Win 7 Security log even though the audit policy is set to No auditing. Any hints how to disable?

A:Application and System auditing

Erm, what IS "Application and System auditing". I read your post, and went looking around via Google because I had never heard of these things and found no hits that include "application" and "system" both with the word "auditing".

How do I audit events on a stand alone NT 4 server? I've gone into User Manager for Domains and turned it on there, but nothing is showing up under the security portion of Event Viewer. Any help would be great.

A:Auditing events on an NT 4 server...

you must also enable auditing on the folders and files you want to monitor activity on. you can do this by going into the properties option when you right-click on a folder/file and selecting the Securities tab. click on the auditing button and set it.

I am using Windows 7 Enterprise, and three users work on my system after I leave the office, so please tell me about any software for auditing who is accessing my files and folders ... I know the Group Policy auditing option and I have tried it, but I can't easily read and understand the log; it is very hard.

So I kindly request that you please give me an auditing software name or a link for the same.

I permanently have 5 instances of svchost.exe running, with the User Name field showing SYSTEM, LOCAL SERVICE and NETWORK SERVICE. None of them show up on a netstat -b listing. Is there a way to monitor what arguments they were launched with, which process launched them, and what they're trying to do?

Performance optimization is about one thing: making computer programs run faster. The execution of instructions is cheap for modern computer hardware while the fetching of instruction operands is expensive. Thus, memory usage can have a direct impact on how fast an application executes and is an important metric to optimize. In this article, we discuss the basics of memory optimization for .NET programs. First, we outline the cases where memory access is a bottleneck and is useful to optimize. Next, we discuss the general breakdown of how memory is used in a typical .NET program. Lastly, we discuss tools and strategies to determine the memory consumption of your .NET application and reduce it.

Under Windows 8 Pro (64 bit), Reliability Monitor fails when I tell it to Check for Solutions to All Problems.
From the Desktop, I go to Action Center, expand the Maintenance area, View Reliability History and then select Check for Solutions to All Problems. It asks if I want to send more information about some problems, I say yes, it sends some information and comes back asking if I want to send more information. I say yes, and it comes back with the message:
"Problem uploading to the Windows Error Reporting service
Some of the reports could not be uploaded to the Windows Error Reporting service. Please try again later."

Hi all, Not sure if I'm in the right place but I need some help finding any tool to help me do some auditing on some folders in our servers. I need to find all the directories and files that have not been modified in the last two years. I have tried running a cmd prompt but due to the large amount of folders within folders etc, it's endless and will take me forever to sort out. Any help will be greatly appreciated. Paula

A:Solved: Auditing tool for folders

You could get Karen's Directory Printer. It will give you a list of all files/folders including Date Last Modified and you can sort by Date Last Modified.

I want to track all my AD logs. Also, it should give a full audit of changes/modifications/deletions made to Active Directory, and can I filter these changes by the administrator who made them? Any input would be appreciated.

I am having issues with a specific registry key changing sporadically with a particular software I use, and our IT department is trying to figure out what other program may be causing this to change. The software vendor said we needed to enable auditing to track changes made to the registry to determine what else is going on at the time these changes are happening. We are using Windows 7. We can enable auditing, but the event viewer does not show registry changes as the software vendor says it should. Is there some hidden setting we are missing that needs changed to be able to actually see dates/times when the registry is changing and what is changed?

A:enable auditing for registry key changes in Win7

Set up a test OU and use the server GPMC to create a new group policy for that computer and user you want to test against.

Every time I turn this stupid thing on, a blue screen pops up saying that a serious error has occurred. I have already turned off the error reporting in the Control Panel. How do I get this to stop popping up, or find out what the problem is to fix it? Help me, someone.

A:windows xp error reporting

Please post the exact error. (as much as possible as some errors can be quite long) A blue screen has nothing to do with 'error reporting' whether it's on or off. A blue screen error is a sign of a serious problem somewhere. Please post as much info about your computer as possible.

I thought my motherboard was out after I couldn't get it to start. So I put my hard drive into another machine, activated Windows and everything was good. Then I realized what was wrong with my MB was the cat had chewed through a cable connected to the front USB, which was causing a fault. So I removed it and the MB was back. So I put my hard drive back in the original MB and now Windows 7 is seeing the wrong CPU and RAM. The original computer has an I5 and the one I put my HD in was an I3. Now Windows only sees the I3, not the I5. I have formatted, reset CMOS, updated BIOS, nothing has worked. Even took the CPU off the old board and put it on the other one and still nothing changed. How in the world do I get Windows 7 to see the right hardware!

A:Windows 7 reporting wrong CPU and RAM

You've reinstalled Windows and the system still does not see the i5?

Hi, I have some problems with some files that prevent my game from starting up, Assassin's Creed Origins. I've been talking back and forth with Uplay about troubleshooting and the issues why it won't start; this was my latest response:

After reviewing the msinfo file, we can see that your system reports errors with some of the Microsoft files like ntdll.dll, kernelbase.dll, etc. These are system files that our game needs. It's possible these are corrupt in parts of the file that we try to access or maybe there are different versions of the same file whereas others are in temp folders.

Some of our players could fix this first by reinstalling Windows, but if I were you, I would search the web for a response from Microsoft on how to fix these files to see if this could get the game started again.

In the msinfo file under [Windows Error Reporting] you may also find more errors about some TEMP folders. We would suggest that the contents of these are deleted after rebooting your PC. Afterwards do another restart so there is no reference to files in these folders.

Ok so I disabled WER a couple of weeks ago due to it slowing down my connection as it was reporting hundreds of issues with GLID.

Now that there appears to be no more GLID problems I would like to re-enable WER so I can help MS improve Windows 7.

Unfortunately it won't restart. When I go into Services and change startup type from disabled to automatic or manual, an error saying "The system cannot find the path specified" comes up. Is there anything I need to enable before restarting this service?

I got a mini PC from Best Buy and it reads Intel Pentium E2210 2.20GHz. I'm like, OK, this fits my needs. I installed some computer specs software, mainly CPU-Z, Speccy and the Windows 7 index. It reads Intel Pentium E5400 2.70GHz. I'm not mad at this, after all, more GHz. It's just weird: did Best Buy give me the right box but not the right computer? lol

A:Windows 7 reporting wrong CPU

Download HWInfo32 from the drivers guide in my sig and post a screenshot of the system summary screen. Search for snip in the start menu.

I am getting hangs and freezes and cant figure out why. Here is my windows error reporting.... can someone let me know if they see something I can do to remedy this. Also, please let me know if there is anything else I should check or post to help.

When starting IE6, Windows Error Reporting comes on immediately and asks to restart IE6. Cannot get IE6 to get past this error msg. Have uninstalled and reinstalled IE6 to no avail. Downloaded Firefox and have no trouble. I would like to try and disable Windows Error Reporting and see if this corrects the issue. Any ideas?